I'm curious as to whether or not these Age Verification banners that appear on some sites are really "effective". That is to say, do these really help to deter/prevent users that are underage from reaching their website?

A common example of websites that may have this feature are video games that have 17+ esrb/pegi ratings, alcohol companies, and NSFW sites.

If anything, is there any way to effectively enforce ages on any given site? Does an "age verification" banner work? If not, what is its primary use?

My favorite was leisure suit larry games approach. Where it would ask a series of age appropriate questions. It kept me out when I was 10 years old. Google "leisure suit larry age verification questions"
–
DaveoApr 16 '13 at 7:02

6

Surely a tickbox is all that's needed. "Are you over 18?"
–
digiguruApr 16 '13 at 10:23

62

The purpose of such banners is not to be effective (no one cares if they are or not). They are made to transfer guilt: If you're 11yo and you enter my porn website, it is my fault for not having it protected. But if you enter my site and a banner appear to ask about your age and you lie in this check, that's completely your fault or perhaps your parents fault.
–
VÿskaApr 16 '13 at 11:47

6

Technically asking a users birthday, and then asking the user how old they are might be more effective. Most people insert a random date, and can't be bothered to go through a "well, I wrote 1st of January 1972, that'd mean that'd I'd already have had my birthday this year, so I'd have to be 41" thought, unless they really want to see the content, in which case they'd just go back, select a year they'd remember, and calculate their way in.
–
h2oooooooApr 16 '13 at 14:01

18 Answers
18

Age check tests

Leisure Suit Larry was probably the first application to do this, and considering that I played it when I was about 11 years old, I would call it ineffective.

Making some sort of test to make sure that you are old enough, simply encourages younger users as it makes them feel more 'adult'. Additionally, the test was designed for a typical US adult experience, and also had the effect of filtering out adults of other cultures. My father for example, couldn't pass it the first few tries.

Age check buttons

The other option is an age verification button. Nobody seriously thinks that these are effective. What do you think a 13 year old boy will do when he sees this?

Credit card verification

The only somewhat effective method that I have seen for this is to verify by credit card information, and later on a password. This is the way that Apple and some adult sites handle it. Although it is effective, it only works in limited situations where 1) you have payment processing 2) people are trusting enough to give you their credit card information.

Reason

I have yet to see an example of a company doing this because they want to restrict younger viewers. In the USA, for example this is done on alcohol sites, but it is common knowledge that underage drinkers make up a large chunk of the companies profits. They clearly don't want this to stop.

The real reason behind all of this is legal liability. Companies want to say that they asked first, and so make have legal deniability if someone underage uses their product, or simply deniability to parents that don't want their kids to see something.

TL;DR: Do this if you need to legally, but it will be ineffective in confirming if someone is an adult.

I remember Larry. I live in Europe and played US version of the game, and questions concerning baseball players or jazz musicians were very hard. As I remember, there was also non-US version of the game, having simpler questions.
–
VoitcusApr 16 '13 at 10:31

2

I could have gotten a credit card at 15, just asking whether someone has one (or even validating a number) isn't therefore going to work as verification of being an adult under the law. And for privacy reasons CC companies in many countries (maybe all) won't be allowed to hand out that age information. Also, credit cards, though common in the US, are far less so elsewhere (and even in the US many adults don't have one). You're basically therefore limiting your audience to a subgroup of the US by using that as a validation method.
–
jwentingApr 16 '13 at 10:42

2

@jwenting If you enter a date of birth with your credit card details, I can get a verification from the credit card issuer whether your date of birth is correct. This has little to do with just having a credit card.
–
JohnGB♦Apr 16 '13 at 11:32

You could request ID scan (passport/driving license/state issued ID). Of course a) there are fake IDs used by younger people b) from what I heard in some countries (US) not everyone have ID and c) not every adult will be willing to send you ID for fear of identity theft.
–
Maciej PiechotkaApr 16 '13 at 9:17

3

@MaciejPiechotka worse, D) many countries don't allow the provision of copies of your ID to 3rd parties except for specific purpose (like to customs agents, police, and employers), the penalty being severe fines or prison, and therefore certainly won't help you validate the ID.
–
jwentingApr 16 '13 at 10:44

2

This may be true but your answer would be more useful with some evidence to support it.
–
KennyPeanutsApr 16 '13 at 11:48

This will only make it more complicated, but not impassable. People who enter mismatched information the first time, will simply try again and get it right next time. Also, I personally never enter a correct birth date anyway, even though I'm over 13/18/21/whatever the website asks. It is not anyone's business what my birth date is when all I do is browse content.
–
SaltyNutsApr 16 '13 at 14:48

@poke True, yet even I as an adult often provide wrong dates as those precise forms bore me. I do not want to fill three numbers only to proceed. So I always will select only one year. If you then again ask me for my age, I will be really annoyed. All you achieve is that I either calculate the corresponding age or that I retry with a different age. Heck, I might just never visit your site at all. So while every age "verification" will annoy me, there are different levels of annoyance. I do love the "Are you of legal age? Yes! No." solutions.
–
k0pernikusApr 17 '13 at 0:25

2

Even us 'old people' don't like giving out their real birthdate to web sites. Odds are this will greatly reduce traffic
–
DA01Apr 17 '13 at 1:19

2

+1 for creativity, but unfortunately it will only be a small hindrance yet a big annoyance.
–
SuprApr 17 '13 at 11:06

These are completely ineffective, just as ineffective as "I'm over 18".

However, they do effectively protect the website from COPPA. If the fact that a certain website has an underage user on it is brought to the attention of the courts, the site can expose its logs, and say that "the user claimed that s/he was over 13, so we didn't know".

It's a legal shield, that's all. Just like the "I agree" checkboxes for long ToSs that nobody reads.

Disclaimer: This is no means by an original idea of mine, but for the love of me, I can't remember where I came across it. I will post an update when I discover its source.

The basic idea for age verification revolves around asking the user an era-related pictorial question. Anybody who's lived through that era should be able to immediately relate to it, while more recently-born users would hardly have a clue.

Here are a few examples that would permit access to users from the 90's, but keep out users from the 2000's:

Q: What's the relation between a cassete and a pencil?
A: To wind up a spool
Q: Identify the brand and type of this music player:
(A: Sony Walkman Cassette Player)

Q: Where have you seen this iconic car?:
(A: Knight Rider)

Q: Identify this popular videogame:
(A: Contra)

Unless a younger user is quite knowledgeable about older pop culture (or knows about TinEye or Google Reverse Image Search), this age gate mechanism would prove to be quite a deterrent. You would most definitely have a much smaller percentage of break-ins from younger users in comparison to conventional age gates.

On the downside, this approach might be pose a severe implementation challenge:

You would need a large pictorial question bank, from where your system
would randomly pick questions.

You would need to implement the mechanism to obtain the answer as a
text box which would mean your must have a tolerance over the answers
('Sony Walkman Cassette Player','Sony Walkman Tape Player','Sony Tape
Player' etc. would all count as valid answers to Q1 above).

You would need to decide a limit on how many questions a user is allowed to
answer incorrectly before you decide that the user is infact a minor. You might
even choose not to have this limit, and allow the user to try infinitely.

If you're really keen, this is worth a shot!

EDIT :
The questions above are just examples to show how this model could be worked, and do not pertain to actual questions. In order to cater to a larger audience, questions would have to be more diverse. Moreover, users could always retry if they got answers incorrect.

As discussed in the comments below, questions like the "Contra" one pose cultural/localization issues. To circumvent such issues, you'd need to either have a bank of universally applicable questions, or culture-specific questions that can be posed after first asking the user his choice of country/language.

EDIT 2 :
This answer has received enough flak already, and there's no point mulling over it any more. What initially sounded as a fun and creative idea has now dawned on me as being heavily flawed. Let's just shelf this and move on, shall we?

Nooooo I am before the 00s but I don't know both "Knight Rider" and "Contra".
–
Alvin WongApr 16 '13 at 7:37

7

while I love the idea, I have to say that it would be really hard to have questions that ppl from different cultural backgrounds would relate to. just like @AlvinWong mentioned, I too could not answer "Knight Rider" and "Contra" ("Contra" is known to me by a different name).
–
Ahmad SalehApr 16 '13 at 8:06

10

This works only if the target audience does not know about Google Search by Image. Otherwise bypassing it is trivial - just drag and drop the image into Google Image Search and you're done.
–
SaulApr 16 '13 at 8:21

16

In addition to above problems this is also not really accessible - worse than CAPTCHAs.
–
pokeApr 16 '13 at 11:39

There's only one way to verify a person's age, and that is to have that person go to your head office in person and present their certified birth certificate plus official photo ID. And even then, they could have hired someone else to do it for them and issued them with false documents (but you might be able in some countries to verify the validity of such documents with the government, in many countries however that's not legally possible).

Of course by doing so you're alienating most of the planet as your potential customer base, as for everyone who doesn't live within a short distance of your office the trip to go there in person to register for using your website would be too much of a bother (and for many way too expensive and time consuming even if they were inclined to do so otherwise).

Don't expect to get many responses either (and certainly far less valid ones) by demanding people email scans of their passport or driver's license. Not only do many people not own the tools to make those scans, in many countries it's actually illegal to send them to 3rd parties unless under very specific restrictions (like your employer's HR department may be exempt, your website certainly will not be exempt).

And of course you'd have no way whatsoever to certify whether the documents you get mailed are a) genuine and b) pertaining to the person sending them.

So you're going to have to trust people, and using a system like just asking for an age will at the very least stop some kids. And IMO that's more than enough, if parents were actually parenting they'd stop their kids themselves, if they're not I couldn't care less about what their kids do on the internet as long as I'm not legally liable for it and this system is enough to guarantee that AFAIK.

Being a moderator in adult zones in second life, I have to deal with these issues regularly, and we catch several minors each and every day who enter an incorrect age to bypass the restrictions (and then they again have to explicitly deactivate filters in the second life client software that block adult rated content unless deactivated, AND then explicitly select wanting to end up in our areas). These kids (the youngest we've caught recently was 8 years old) are quickly booted out and reported to the owners/operators of second life who terminate their accounts, and that's indeed all you can do, terminate those who bypass the filters by entering incorrect information.

@JonW a lot of them are honest/stupid enough to confirm it when questioned after some behaviour which seems childlike (speech patterns, for example, and quite frequently they include their actual date of birth in their account name (which in SL becomes your default avatar name and can't be hidden from view by others), seeing a date in an account name is often enough to warrant some further questioning). Plus second life has optional voice communication, hearing children speak on voice is a big red herring.
–
jwentingApr 16 '13 at 11:16

If you do a search for age verification best practices on alcohol related sites, you will see that there is a general consensus that these age verification splash pages rarely work but are often required as a part of company policy. To quote this smashing magazine article

During my research, I wondered if there were any laws in Canada or the
United States that required the use of such a splash page. I contacted
Labatt Breweries of Canada and I was informed that there was no law
requiring the age verification screen, but that it was a company
policy to have the user enter their date of birth. Okay, that’s fair
enough. But I wondered why they would opt for the complicated version
over the simple examples shown above. The woman I spoke to
reemphasized that it was a company policy to have the user enter their
exact date of birth. She suspects it’s the same for most other
companies as well. I had also contacted Anheuser-Busch but hadn’t
heard back from them.

However if you reference the article more, there are some suggested best practices on how to best design a verification which suggest keeping a simple question\answer option with a single choice.

@DA01 This answer says that there is no legal requirement.
–
Konrad RudolphApr 16 '13 at 15:49

1

@KonradRudolph well, the answer refers to company policy and, while at least in Canada there isn't an explicit law requiring this, these policies are typically implemented by internal legal departments, who tend to be overly cautious in interpreting laws.
–
DA01Apr 16 '13 at 15:54

problem is that verifying the validity of those documents is problematic (and indeed many countries won't cooperate, or will even sometimes arrest the person providing them for making illegal duplicates).
–
jwentingApr 16 '13 at 10:39

@jwenting It is not necessary to provide a universal solution. For example if %99 of a beer manufacturers likely customers have US drivers license and the remaining 1% are residents of noncooperating countries, then the manufacturer could change the requirements to "open to US residents 21 or older." It is not the case that 21 year olds have a right to visit the beer website.
–
emoryApr 16 '13 at 17:08

@emory that may be true for companies serving a highly localised market, but in an international world it's different. Most such things are in use in games etc. with "steamy" content (which in the US means as much as an exposed belly button it sometimes seems to Europeans...) which are aimed at a worldwide audience.
–
jwentingApr 17 '13 at 6:21

The simple questions about age are not intended to keep out people who are too young, but rather to prove that a deliberate warning about the content was worked around. The person asking the question can then say that the access was not authorized by them since the user violated terms of service and was thus not an authorized visitor.

As far as ways to strongly verify someone's age, you can try using a service like banks do for identity verification where questions are asked about the person and that is used to prove their identity and then a public records check can get their age from birth records, but this won't work in every location (some places don't have public birth record databases.) It also doesn't necessarily prevent someone from sneaking by as someone they are not. And finally, depending on the type of site, someone may not be particularly eager to provide information like social security number to many types of sites that would require strong age verification.

In the UK you could check credit records to verify someone's identity and age, provided the user consents to it. Still not infallible but probably no more/less so than asking for scans of ID (which can be tampered with anyway).

The question is for any given site. A cut down search is used extensively by bookmakers. I'd agree to many things for a free beer ;)
–
webdevduckApr 16 '13 at 13:17

If only there were a third-party age verification service that would run a credit check once and then allow websites to verify that user's age without running their own credit checks.
–
Matt ObeeApr 16 '13 at 14:07

You'd just use your parent's details for the credit check.
–
RushyoApr 19 '13 at 9:31

There is no way to ensure this kind of verification without falling back onto a second form of identification like a (confirmed) birth certificate or ID.

Probably the most applied verification for the moment is Facebook login. When registering to Facebook (as I recall, only 16+) you enter your date of birth. Once you try to enter a website, and lack the proper Facebook age, the website can effectively block you.

Of course this can be overcome by creating a dummy Facebook account etc., but at least it takes more effort, and will be a good barrier.

In order to be eligible to sign up for Facebook, you must be at least 13 years old. Also, seriously tough, who would sign into a porn site with facebook. That's asking for trouble!
–
MvisionApr 16 '13 at 15:56

4

Requirements for facebook accounts are extremely annoying to those of us who say no to facebook.
–
KazApr 16 '13 at 18:33

2

...but it requires a Facebook account. So, likely not the best answer from a user experience standpoint.
–
DA01Apr 17 '13 at 1:25

I would like to note there is one really sensible, pragmatic reason for age verification requests on a website - to warn people of exactly what kind of site they are accessing before it is simply foisted upon them. Let's face it, there is a lot of ways to come across a link in a way that it will not be labeled with "NSFW" (Not Safe For Work) even if it should be.

It's just polite to warn people so they can choose for themselves whether or not they want to see it now or at all, you know?

I think of it a bit like saying "have a nice day" or "thank you" to a customer; no, most companies don't really care so long as they get their money anymore than most makers of violent video games (and the like) actually care whether or not 12 year-olds are watching a Trailer of God of War III, but that doesn't mean us responsible individuals shouldn't be polite and say thank you and warn people before you show them a squirrel being Xed to Y by a wildebeest.

No I used to say I was 30 when I really was 12. Most of my friends at school did the same with such sites as well. In my opinion the banners aren't really their to prevent minors from going to the site, but to protect the company. If a kid does go on the site the company can not be responsible because they stated that you need to be 18 or older.

If you really need to prevent kids from getting onto the site, you should request for credit card info or ask questions that 90% of kids born in certain year wouldn't know, but most older people would know.

I really wouldn't recommend using credit card requests as age verification. That implies that you are selling something, and you're requesting payment before letting anyone even look at anything (whether that's the case or not, that's the impression you'd be giving over). That's going to deter many people.
–
JonW♦Apr 16 '13 at 8:36

credit cards are also issued to many people who are minors, it is certainly possible to get one at 16, and in some countries at 15 or younger as long as you have a paying job.
–
jwentingApr 16 '13 at 10:37

If you really want to keep children out of a site, then it's not going to be done through UI like this.

A better idea might be to find out what are the most popular solutions that parents (schools, libraries, ...) are using to filter out access to websites, and whether there are some proactive steps which you can take for your domain names to be listed in the databases used by those tools.

Keeping kids out of adult sites is the job of the parents, educators, or whoever else runs a LAN used by children. They have to install the measures so that adult sites are not accessible at all.

But if you have content which is actually "not safe for work", it's helpful to users to have a safe front page with a one-click Enter button.

Age verification banners have little to do with verifying age. Their main purposes are boosting a site's image and reducing liability. Having a good image in the view of the public can boost the success of a web site greatly. People who think of a web site as bad for the youth might not shop there and might even spout negative information to their friends. It's the bad version of word of mouth. The banner gives such people the impression that the web site owner is making an effort.

As for legal liability, this one is trickier. The main area of application is in alcohol and cigarettes. There's strong laws regulating their sale to minors. These companies have been sued in the past for promoting to minors. Having a scheme on their site to block minors lets them say they're trying to keep minors away. Doing little things like this can improve standing in front of a jury.

But, as for actual verification, no it doesn't work unless the kid has very little reasoning ability or willingness to break the rules. It's just politics. :)

Absolutely not. My son, would falsify his age so he could play a game rated for violence - as would any high school kid - and I would set up an gmail account for my daughter for google play and be denied access to her apps because of age (so I have to put a random age in, just to get it to work). It's great that methods are in place however these systems need to point to parental authority, rather than flat out deny access - let us make the decision on what is right or wrong for our children, and what they are capable of handling, and how indeed their maturity level is. I would appreciate it even more if the banner systems collected some form of id, like a SSN, in which a teen child have to explicitly either violate their parent's trust by taking this information and entering it (and please make this a minor juvenile offense) or would have to come and bring the decision to the parent - not leave it in the child's hands. Furthermore, I would really like to see a systematic implementation across the board of banner systems so that we as parents, can be held responsible for how we raise our children because as a parent when the oneness is on you, it suddenly makes you think.